Another question. What is the purpose of SSL listener port for outbound requests? IP routing is enabled, because I need outbound PPTP calls. How can ISA break IpSec traffic? Can you give me any link to articles describing the problem? Thanks in advance... -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, February 25, 2004 5:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Secure channel to ISA http://www.ISAserver.org Yes, you can, but you can't restrict it to SSL-only. IPSec between LAT hosts is your best bet. Be careful, though; if you have "Enabled IP Routing" selected in IP Packet Filtering properties, your IPSec between ISA and the SecureNAT / Firewall clients can break when ISA moves traffic using the Kernel Mode Data Pump (keep her back, Tom!). Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 25 Feb 2004 17:01:06 +0300 "Derbyshev Igor" <derbyshev@xxxxxxxx> wrote: http://www.ISAserver.org Thanks for reply. No, I'm not web publishing. I know how to configure SSL bridging in Web Publishing Rule. I'd like to know if I can implement the same functionality (SSL bridging) for client in corporate network accessing external resources. I.e. from the other side of firewall. P.S. I want to secure HTTP traffic while it flows through corporate network. Now I implement this solution using IpSec filters. I'm just interested ;) if I can do the same thing only by configuration of ISA & IE clients or not? -----Original Message----- From: Mike Malter [mailto:mike@xxxxxxxxxxxxxx] Sent: Wednesday, February 25, 2004 4:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Secure channel to ISA http://www.ISAserver.org Igor, If you are web publishing, go to the bridging tab of the properties of the site you are publishing and under Redirect HTTP requests, click SSL. Then you'll always have an SSL connection over your internal network from ISA to your website. Hope this helps. Mike Malter (415) 479-1968 Office (415) 309-4637 Mobile (415) 462-2941 FAX -----Original Message----- From: Derbyshev Igor [mailto:derbyshev@xxxxxxxx] Sent: Wednesday, February 25, 2004 2:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] Secure channel to ISA http://www.ISAserver.org Hello. I have an ISA Server 2000 in integrated mode. Can I configure ISA & clients so that channel between client and WebProxy was always secure (SSL), regardless of whether the destination site is secure (HTTPS) or not, i.e: 1. Client establishes an SSL session to WebProxy service. 2. The WebProxy service looks: if destination site is secure, it establishes new secure channel, otherwise a normal unsecure HTTP channel. Or only implementing IpSec can help me in this scenario? Thanks. Sincerely yours, Igor Derbyshev Systems Administrator, MCSA (W2k) tel: +7 (0832) 644039 e-mail: derbyshev@xxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mike@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: derbyshev@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: derbyshev@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')